Solaris / OpenSolarisThis forum is for the discussion of Solaris and OpenSolaris.
General Sun, SunOS and Sparc related questions also go here.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Introduction to Linux - A Hands on Guide

This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.

I do not get this message for successful ssh logins using my user account. The root and user accounts are local accounts (not NIS).

Does anyone have any suggestions on where to go from here? I've been crawling forums looking for someone else who has this problem ... if anyone else has a link to a thread that covers all the points I have, it would be greatly appreciated.

Telnet is now disabled, but this hasn't changed the behavior of SSH. I am still unable to log in as root, but I can log in as another user.

You missed his point. Allowing root to log in over ssh is VERY BAD, and you shouldn't allow it. Log in as yourself, then switch to root. Telnet is unrelated to your problem, but since it sends passwords plaintext (read: anyone between you and the destination or on the same line can read them), it is EXTRA VERY BAD.

Also, I don't know your distro, but I believe sshd_config is the correct file for... er, sshd. Double-check that the file you have is configuring the service you think it is.

Karamarisan, Repo, Nevahre ... thank you all for taking the time to reply.

First of all, I should try and save my reputation a bit:

I am aware of the security implications involved with allowing root access via SSH. Perhaps I should have mentioned this earlier (or updated my LQ profile) but I work in a hardware development lab on and isolated network. We have no firewalls, no access to the internet, or any other security concerns. Our hosts are used strictly for testing hardware designed by our engineers. As an avid OpenBSD user, I'm glad to see you share the same security concerns regarding SSH/Telnet as I do. I have no idea why our engineers have requested root access via ssh, but that's really none of my business.

Now for my brain-fart moment:

Nevahre nailed it. I was editing ssh_config instead of sshd_config, which is embarrassing. I'd like to sincerely thank Nevahre for addressing my problem, instead of questioning my motives.

Karamarisan and Repo did the right thing by pointing out the security implications, but Nevahre gets the glory.

Heh, glad you've got it. Forgive the alert mode; people asking for what you wanted are vastly more likely to be n00bs (and I do mean that disparagingly for once) who think they don't need to worry about security and/or are too lazy to do it the right way.

Strange that you had this problem, though - any insight as to why sshd_config wasn't there to begin with? You said this is Solaris; done anything weird with it or does it ship that way?

No, I get you (and believe me, I have those all the time). It just seems weird to me that the package didn't even create a blank file - usually there's a fully decked-out config file as both documentation of how to configure it and of the defaults. Oh, well. Good luck (with whatever).

Karamarisan, Repo, Nevahre ... thank you all for taking the time to reply.

First of all, I should try and save my reputation a bit:

I am aware of the security implications involved with allowing root access via SSH. Perhaps I should have mentioned this earlier (or updated my LQ profile) but I work in a hardware development lab on and isolated network. We have no firewalls, no access to the internet, or any other security concerns. Our hosts are used strictly for testing hardware designed by our engineers. As an avid OpenBSD user, I'm glad to see you share the same security concerns regarding SSH/Telnet as I do. I have no idea why our engineers have requested root access via ssh, but that's really none of my business.

Now for my brain-fart moment:

Nevahre nailed it. I was editing ssh_config instead of sshd_config, which is embarrassing. I'd like to sincerely thank Nevahre for addressing my problem, instead of questioning my motives.

Karamarisan and Repo did the right thing by pointing out the security implications, but Nevahre gets the glory.

Thanks again guys. Take care.

Glad you got it cooking. It seems you've got a good handle on things, but this statement jumps out:

Quote:

I have no idea why our engineers have requested root access via ssh, but that's really none of my business.

As a long-time administrator, why people need root access IS the business of the administrator, in my opinion. Granted, they may know what they're doing...but they may not. If system work isn't their primary job, they're more likely to be careless with an "rm -fR *", and YOU will be the one to rebuild the system, while they take a long lunch or go home early, since, after all...'the system is down'.....

I'd strongly recommend using SUDO instead, and log who does what. You can just have them type in "sudo -s", and get a root shell...but will also have a trail that says "user Jerry went to root at 11:17", so if something is hosed, there's no finger-pointing. Also, if someone just decides to change the root password...EVERYONE is locked out of it. If SUDO is working, you can log in as you, and change the root password back, without having to boot single-user, etc.

Glad you got it cooking. It seems you've got a good handle on things, but this statement jumps out:

As a long-time administrator, why people need root access IS the business of the administrator, in my opinion. Granted, they may know what they're doing...but they may not. If system work isn't their primary job, they're more likely to be careless with an "rm -fR *", and YOU will be the one to rebuild the system, while they take a long lunch or go home early, since, after all...'the system is down'.....

I'd strongly recommend using SUDO instead, and log who does what. You can just have them type in "sudo -s", and get a root shell...but will also have a trail that says "user Jerry went to root at 11:17", so if something is hosed, there's no finger-pointing. Also, if someone just decides to change the root password...EVERYONE is locked out of it. If SUDO is working, you can log in as you, and change the root password back, without having to boot single-user, etc.

Just my $0.02 worth...feel free to ignore.

Amen brother. I couldn't agree more. And to all the browsers of this post, take TBOne's advice to heart.

I don't usually go through the whole back-story when posting on forums, because it's easy to lose people's interest. But I can assure you, I would never give another user root on a production system (sudo instead). As I mentioned earlier, my Solaris hosts are used for hardware testing in a development lab. I set up a host meeting their requirements, the engineers do their best to destroy the system, then I get the system back, format the host, and the process starts over again.

But I'm glad to see that you, and the other posters, are paying attention Keep it up. Thx again.